Example: https://signup.37signals.com/basecamp/Premium/signup/new?source=basecamphq.com<p>I thought the customer ALWAYS had to give a billing address on top of their Credit Card to prevent fraud charges.<p>How does Basecamp charge with no address?
It's not necessary. In fact, at some point I hope to write up a larger piece on it.<p>The only two NECESSARY pieces of data are the CC number and the expiration date. ZIP code drops some of the risk, and, accordingly, drops a fraction off the percent you're charged by the processor.<p>On the web app we're about to launch, we only have the number and the expiration date. I'm hoping to get my act together to do some A/B tests, but we're going into it assuming that we'll do better with fewer fields to fill out.
It's definitely not required, but it gives you a much better case if someone files a unauthorized chargeback. If you used AVS (Address Verification System) or the CVV number, you can in a sense prove that the person who made the purchase was the cardholder.<p>37Signals, and OrangeSlyce (my company) use Braintree which provides a VERY innovate solution called "Transparent Redirect". It allows you to accept credit cards directly on your site, with your domain, but the form posts directly to Braintree, and transparently redirects back to your site so the customer never leaves your domain. It's very cool stuff and I don't know of any other merchants that offer this.<p>Most importantly, the CC data never even enters your environment.
AVS (Address Verification Service) only looks for matching street and zip in the first place. Since you're allowed to send only a street or zip, I assume that just verifying the zip as they're doing avoids paying a higher transaction fee for not doing AVS at all.<p>Collecting a billing address or not doesn't do much to stem fraud when you're not shipping anything physical. Unless you're going to have your customers sign and mail/fax written authorization, you're going to have a hard time disputing chargebacks regardless.
It would be interesting to see some data on fraud rates in different industries.<p>It is easier to see the thief's risk/reward proposition when ordering a large screen TV with a stolen card than then signing up for a $50\month service. There as soon as you are discovered you loose access to the data that was the whole point anyway.
They use <a href="http://www.braintreepaymentsolutions.com/" rel="nofollow">http://www.braintreepaymentsolutions.com/</a>.<p>Not sure how Brain Tree handles that thing.